rpm package
Package: suse/osc (distro: SUSE Linux Enterprise Software Development Kit 11 SP4)
pkg:rpm/suse/osc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (4)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9274 | — | — | — | < 0.162.1-7.4.1 | 0.162.1-7.4.1 | Mar 1, 2018 | A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. |
| CVE-2017-14804 | — | — | — | < 0.162.1-7.4.1 | 0.162.1-7.4.1 | Mar 1, 2018 | The build package before 20171128 did not check directory names during extraction of build results, which allowed untrusted builds to write outside of the target system, allowing escape out of buildroots. |
| CVE-2016-4007 | Critical | 9.8 | — | < 0.162.1-7.4.1 | 0.162.1-7.4.1 | Apr 13, 2016 | Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options." |
| CVE-2015-0778 | — | — | — | < 0.152.0-6.2 | 0.152.0-6.2 | Mar 16, 2015 | osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. |